[CentOS] I've been hacked -- what should I do next?

Ralph Angenendt ra+centos at br-online.de
Fri Dec 1 12:39:31 UTC 2006


Alfred von Campe wrote:
> >Reinstall, that is my advice.
> 
> That's what I've done in the past too, but I am trying to avoid that  
> option if possible.

I'd opt for reinstallation also, as you normally never can really find
out *what* has been changed, if there is/was an active rootkit on that
machine.

for package in $(rpm -qa); do echo -e "${package}"; rpm -V "${package}"; done

might be of help, also. If rpm didn't get exchanged. If the active
rootkit doesn't intercept that. And so on ...

Ralph
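
Added example (not part of Ralph's message and not CentOS tooling): a shell filter that ranks the output of the loop above, so that digest changes and missing files on non-config files stand out from routine config edits. The function names, severity labels and sample input are constructed for illustration, and the result is only as trustworthy as the rpm binary and database that produced it.

```shell
#!/bin/sh
# Usage on a live system (ideally with rpm run from trusted rescue media):
#   for p in $(rpm -qa); do echo "$p"; rpm -V "$p"; done | triage_rpm_verify
# Assumed line layout: a flag string such as "S.5....T", an optional
# one-letter marker (c config, d doc, g ghost, l license, r readme),
# then the path; the word "missing" replaces the flags for absent files.

triage_rpm_verify() {
  awk '
    NF == 1 { pkg = $1; next }          # package name printed by the loop
    {
      flags = $1
      marker = (NF >= 3 && $2 ~ /^[cdglr]$/) ? $2 : "-"
      path = $0
      sub(/^[^ ]+ +([cdglr] +)?/, "", path)   # keep paths with spaces intact
      cfg  = (marker == "c")
      soft = (marker == "d" || marker == "g")
      if (flags == "missing")        sev = (cfg || soft) ? "REVIEW" : "HIGH"
      else if (index(flags, "5"))    sev = cfg ? "REVIEW" : (soft ? "LOW" : "HIGH")
      else if (flags ~ /[MUG]/)      sev = "REVIEW"   # mode, owner or group changed
      else                           sev = "LOW"      # e.g. mtime only
      if (sev != "LOW") printf "%s %s %s [%s]\n", sev, pkg, path, flags
    }'
}

# Constructed sample input (hypothetical package names, not from a real host).
sample_rpm_verify_output() {
  cat <<'EOF'
pkg-a-1.0-1
S.5....T  c /etc/ssh/sshd_config
pkg-b-1.0-1
S.5....T    /bin/ls
.M......    /bin/su
pkg-c-1.0-1
.......T    /usr/lib/locale/locale-archive
missing     /usr/bin/foo
missing   d /usr/share/doc/pkg-c/README
EOF
}

sample_rpm_verify_output | triage_rpm_verify
```

A HIGH line means the content of a packaged binary or library differs from what the rpm database recorded, or the file is gone; REVIEW lines are changes that are often legitimate but still worth reading on a suspect machine.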